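CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21552

21552 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.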

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-1978 | ShiftController Employee Shift Scheduling <= 4.9.25 - Reflected Cross-Site Scripting via Query String — ShiftController Employee Shift Scheduling | 6.1 | Medium | 2023-06-09 |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 5.4 | Medium | 2023-06-09 |
| CVE-2023-2305 | Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Download Manager | 6.4 | Medium | 2023-06-09 |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 4.9 | Medium | 2023-06-09 |
| CVE-2023-2584 | PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — PixelYourSite – Your smart PIXEL (TAG) & API Manager | 4.4 | Medium | 2023-06-09 |
| CVE-2023-2402 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting — Photo Gallery Slideshow & Masonry Tiled Gallery | 6.1 | Medium | 2023-06-09 |
| CVE-2023-1403 | Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name — Weaver Xtreme | 6.4 | Medium | 2023-06-09 |
| CVE-2023-1917 | PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — PowerPress Podcasting plugin by Blubrry | 5.4 | Medium | 2023-06-09 |
| CVE-2023-2452 | Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting — Advanced Woo Search – Product Search for WooCommerce | 4.4 | Medium | 2023-06-09 |
| CVE-2023-2604 | Team Circle Image Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting — Team Circle Image Slider With Lightbox | 6.1 | Medium | 2023-06-09 |
| CVE-2023-0709 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 5.4 | Medium | 2023-06-09 |
| CVE-2023-2767 | WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Iptanus File Upload | 4.4 | Medium | 2023-06-09 |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 5.4 | Medium | 2023-06-09 |
| CVE-2023-0992 | Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | 7.2 | High | 2023-06-09 |
| CVE-2023-26465 | Pegasystem PEGA Platform cross-site scripting vulnerability — Pega Infinity | 6.1 | - | 2023-06-09 |
| CVE-2023-3165 | SourceCodester Life Insurance Management System POST Parameter insertNominee.php cross site scripting — Life Insurance Management System | 3.5 | Low | 2023-06-08 |
| CVE-2023-23480 | IBM Sterling Partner Engagement Manager cross-site scripting — Sterling Partner Engagement Manager | 5.4 | Medium | 2023-06-08 |
| CVE-2023-23481 | IBM Sterling Partner Engagement Manager cross-site scripting — Sterling Partner Engagement Manager | 6.4 | Medium | 2023-06-08 |
| CVE-2023-33846 | IBM CICS TX cross-site scripting — TXSeries for Multiplatforms | 5.4 | Medium | 2023-06-08 |
| CVE-2023-3144 | SourceCodester Online Discussion Forum Site manage_post.php cross site scripting — Online Discussion Forum Site | 3.5 | Low | 2023-06-07 |
| CVE-2023-3143 | SourceCodester Online Discussion Forum Site manage_post.php cross site scripting — Online Discussion Forum Site | 3.5 | Low | 2023-06-07 |
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update — Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | 7.2 | High | 2023-06-07 |
| CVE-2021-4378 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting — WP Quick FrontEnd Editor – WordPress Plugin | 6.4 | Medium | 2023-06-07 |
| CVE-2020-36722 | Visual Composer <= 26.0 - Multiple Cross-Site Scripting — Visual Composer Website Builder | 5.5 | Medium | 2023-06-07 |
| CVE-2021-4372 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting — WooCommerce Dynamic Pricing and Discounts | 6.5 | Medium | 2023-06-07 |
| CVE-2019-25148 | WP HTML Mail < 2.9.1 - HTML Injection — Email Template Designer – WP HTML Mail | 6.1 | Medium | 2023-06-07 |
| CVE-2019-25147 | Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link — PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | 7.2 | High | 2023-06-07 |
| CVE-2019-25146 | DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting — DELUCKS SEO | 7.2 | High | 2023-06-07 |
| CVE-2021-4365 | Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting — Frontend File Manager Plugin | 7.2 | High | 2023-06-07 |
| CVE-2021-4367 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting — Flo Forms – Easy Drag & Drop Form Builder | 6.4 | Medium | 2023-06-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21552 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.